{"id":"https://openalex.org/W4323349076","doi":"https://doi.org/10.56553/popets-2023-0046","title":"Privacy Property Graph: Towards Automated Privacy Threat Modeling via Static Graph-based Analysis","display_name":"Privacy Property Graph: Towards Automated Privacy Threat Modeling via Static Graph-based Analysis","publication_year":2023,"publication_date":"2023-03-07","ids":{"openalex":"https://openalex.org/W4323349076","doi":"https://doi.org/10.56553/popets-2023-0046"},"language":"en","primary_location":{"id":"doi:10.56553/popets-2023-0046","is_oa":true,"landing_page_url":"https://doi.org/10.56553/popets-2023-0046","pdf_url":"https://petsymposium.org/popets/2023/popets-2023-0046.pdf","source":{"id":"https://openalex.org/S4210183172","display_name":"Proceedings on Privacy Enhancing Technologies","issn_l":"2299-0984","issn":["2299-0984"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320322","host_organization_name":"De Gruyter Open","host_organization_lineage":["https://openalex.org/P4310320322","https://openalex.org/P4310313990"],"host_organization_lineage_names":["De Gruyter Open","De Gruyter"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings on Privacy Enhancing Technologies","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://petsymposium.org/popets/2023/popets-2023-0046.pdf","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5076525809","display_name":"Immanuel Kunz","orcid":"https://orcid.org/0000-0002-4669-0030"},"institutions":[{"id":"https://openalex.org/I4210136922","display_name":"Fraunhofer Institute for Applied and Integrated Security","ror":"https://ror.org/03w0bbr97","country_code":"DE","type":"facility","lineage":["https://openalex.org/I4210136922","https://openalex.org/I4923324"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Immanuel Kunz","raw_affiliation_strings":["Fraunhofer AISEC"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Fraunhofer AISEC","institution_ids":["https://openalex.org/I4210136922"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5064790260","display_name":"Konrad Weiss","orcid":"https://orcid.org/0000-0002-1282-2162"},"institutions":[{"id":"https://openalex.org/I4210136922","display_name":"Fraunhofer Institute for Applied and Integrated Security","ror":"https://ror.org/03w0bbr97","country_code":"DE","type":"facility","lineage":["https://openalex.org/I4210136922","https://openalex.org/I4923324"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Konrad Weiss","raw_affiliation_strings":["Fraunhofer AISEC"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Fraunhofer AISEC","institution_ids":["https://openalex.org/I4210136922"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5039210041","display_name":"Angelika Schneider","orcid":"https://orcid.org/0000-0002-8962-3276"},"institutions":[{"id":"https://openalex.org/I4210136922","display_name":"Fraunhofer Institute for Applied and Integrated Security","ror":"https://ror.org/03w0bbr97","country_code":"DE","type":"facility","lineage":["https://openalex.org/I4210136922","https://openalex.org/I4923324"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Angelika Schneider","raw_affiliation_strings":["Fraunhofer AISEC"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Fraunhofer AISEC","institution_ids":["https://openalex.org/I4210136922"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5058901565","display_name":"Christian Banse","orcid":"https://orcid.org/0000-0002-4874-0273"},"institutions":[{"id":"https://openalex.org/I4210136922","display_name":"Fraunhofer Institute for Applied and Integrated Security","ror":"https://ror.org/03w0bbr97","country_code":"DE","type":"facility","lineage":["https://openalex.org/I4210136922","https://openalex.org/I4923324"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Christian Banse","raw_affiliation_strings":["Fraunhofer AISEC"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Fraunhofer AISEC","institution_ids":["https://openalex.org/I4210136922"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":6.0182,"has_fulltext":true,"cited_by_count":15,"citation_normalized_percentile":{"value":0.96278314,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":98},"biblio":{"volume":"2023","issue":"2","first_page":"171","last_page":"187"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9926999807357788,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9926999807357788,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9868000149726868,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9775000214576721,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8542995452880859},{"id":"https://openalex.org/keywords/implementation","display_name":"Implementation","score":0.6255528926849365},{"id":"https://openalex.org/keywords/graph","display_name":"Graph","score":0.5740548372268677},{"id":"https://openalex.org/keywords/taint-checking","display_name":"Taint checking","score":0.5734894871711731},{"id":"https://openalex.org/keywords/privacy-software","display_name":"Privacy software","score":0.4924813210964203},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.48052510619163513},{"id":"https://openalex.org/keywords/information-privacy","display_name":"Information privacy","score":0.4639520049095154},{"id":"https://openalex.org/keywords/threat-model","display_name":"Threat model","score":0.4347561001777649},{"id":"https://openalex.org/keywords/data-flow-diagram","display_name":"Data flow diagram","score":0.4242861866950989},{"id":"https://openalex.org/keywords/suite","display_name":"Suite","score":0.4217660129070282},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.3635886311531067},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.18454739451408386},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.17567461729049683},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.16313597559928894}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8542995452880859},{"id":"https://openalex.org/C26713055","wikidata":"https://www.wikidata.org/wiki/Q245962","display_name":"Implementation","level":2,"score":0.6255528926849365},{"id":"https://openalex.org/C132525143","wikidata":"https://www.wikidata.org/wiki/Q141488","display_name":"Graph","level":2,"score":0.5740548372268677},{"id":"https://openalex.org/C63116202","wikidata":"https://www.wikidata.org/wiki/Q7676227","display_name":"Taint checking","level":3,"score":0.5734894871711731},{"id":"https://openalex.org/C509729295","wikidata":"https://www.wikidata.org/wiki/Q7246032","display_name":"Privacy software","level":3,"score":0.4924813210964203},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.48052510619163513},{"id":"https://openalex.org/C123201435","wikidata":"https://www.wikidata.org/wiki/Q456632","display_name":"Information privacy","level":2,"score":0.4639520049095154},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.4347561001777649},{"id":"https://openalex.org/C489000","wikidata":"https://www.wikidata.org/wiki/Q747385","display_name":"Data flow diagram","level":2,"score":0.4242861866950989},{"id":"https://openalex.org/C79581498","wikidata":"https://www.wikidata.org/wiki/Q1367530","display_name":"Suite","level":2,"score":0.4217660129070282},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.3635886311531067},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.18454739451408386},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.17567461729049683},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.16313597559928894},{"id":"https://openalex.org/C95457728","wikidata":"https://www.wikidata.org/wiki/Q309","display_name":"History","level":0,"score":0.0},{"id":"https://openalex.org/C166957645","wikidata":"https://www.wikidata.org/wiki/Q23498","display_name":"Archaeology","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.56553/popets-2023-0046","is_oa":true,"landing_page_url":"https://doi.org/10.56553/popets-2023-0046","pdf_url":"https://petsymposium.org/popets/2023/popets-2023-0046.pdf","source":{"id":"https://openalex.org/S4210183172","display_name":"Proceedings on Privacy Enhancing Technologies","issn_l":"2299-0984","issn":["2299-0984"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320322","host_organization_name":"De Gruyter Open","host_organization_lineage":["https://openalex.org/P4310320322","https://openalex.org/P4310313990"],"host_organization_lineage_names":["De Gruyter Open","De Gruyter"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings on Privacy Enhancing Technologies","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.56553/popets-2023-0046","is_oa":true,"landing_page_url":"https://doi.org/10.56553/popets-2023-0046","pdf_url":"https://petsymposium.org/popets/2023/popets-2023-0046.pdf","source":{"id":"https://openalex.org/S4210183172","display_name":"Proceedings on Privacy Enhancing Technologies","issn_l":"2299-0984","issn":["2299-0984"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320322","host_organization_name":"De Gruyter Open","host_organization_lineage":["https://openalex.org/P4310320322","https://openalex.org/P4310313990"],"host_organization_lineage_names":["De Gruyter Open","De Gruyter"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings on Privacy Enhancing Technologies","raw_type":"journal-article"},"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.5299999713897705,"id":"https://metadata.un.org/sdg/16"}],"awards":[{"id":"https://openalex.org/G7842005466","display_name":null,"funder_award_id":"Horizon 2020","funder_id":"https://openalex.org/F4320320300","funder_display_name":"European Commission"},{"id":"https://openalex.org/G8438735759","display_name":null,"funder_award_id":"952633","funder_id":"https://openalex.org/F4320320300","funder_display_name":"European Commission"}],"funders":[{"id":"https://openalex.org/F4320320300","display_name":"European Commission","ror":"https://ror.org/00k4n6c32"}],"has_content":{"grobid_xml":false,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4323349076.pdf"},"referenced_works_count":38,"referenced_works":["https://openalex.org/W45053571","https://openalex.org/W287184503","https://openalex.org/W1548561497","https://openalex.org/W1576308807","https://openalex.org/W1590752147","https://openalex.org/W1905449337","https://openalex.org/W1963971515","https://openalex.org/W1964053994","https://openalex.org/W1992114977","https://openalex.org/W2022222867","https://openalex.org/W2029344129","https://openalex.org/W2071252521","https://openalex.org/W2088216519","https://openalex.org/W2100660575","https://openalex.org/W2116560806","https://openalex.org/W2138788987","https://openalex.org/W2139061144","https://openalex.org/W2376050373","https://openalex.org/W2472351859","https://openalex.org/W2492039822","https://openalex.org/W2497080131","https://openalex.org/W2613822183","https://openalex.org/W2754570878","https://openalex.org/W2868546737","https://openalex.org/W2901859209","https://openalex.org/W2937448485","https://openalex.org/W2941513828","https://openalex.org/W2943690029","https://openalex.org/W2982620932","https://openalex.org/W3013132547","https://openalex.org/W3041017658","https://openalex.org/W3042893554","https://openalex.org/W3093996718","https://openalex.org/W3094287401","https://openalex.org/W3129994362","https://openalex.org/W3161650434","https://openalex.org/W3212106901","https://openalex.org/W4206497364"],"related_works":["https://openalex.org/W2116878667","https://openalex.org/W2101582069","https://openalex.org/W2219269088","https://openalex.org/W2127814706","https://openalex.org/W2584827882","https://openalex.org/W2118333568","https://openalex.org/W2994243660","https://openalex.org/W2528109871","https://openalex.org/W1598195095","https://openalex.org/W2549995367"],"abstract_inverted_index":{"Privacy":[0],"threat":[1,42,118,141,152],"modeling":[2,43,142],"should":[3],"be":[4,12,22,65,80],"done":[5],"frequently":[6],"throughout":[7],"development":[8],"and":[9,62,143,162],"production":[10],"to":[11,14,37,82,158,165],"able":[13],"quickly":[15],"mitigate":[16],"threats.":[17,86],"Yet,":[18],"it":[19,146],"can":[20,64,79],"also":[21,111,147],"a":[23,48,72,93,113],"very":[24],"time-consuming":[25],"activity.":[26],"In":[27],"this":[28,89],"paper,":[29],"we":[30,91,110],"use":[31],"an":[32,107],"enhanced":[33],"code":[34,54],"property":[35],"graph":[36,98],"partly":[38],"automate":[39],"the":[40,97,151],"privacy":[41,57,85,117,125,160,166],"process:":[44],"It":[45],"automatically":[46],"generates":[47],"data":[49,60],"flow":[50],"diagram":[51],"from":[52],"source":[53],"which":[55,63,120],"exhibits":[56],"properties":[58],"of":[59,74,140],"flows,":[61],"analyzed":[66],"semi-automatically":[67],"via":[68],"queries.":[69],"We":[70,131],"provide":[71],"list":[73],"such":[75,106],"reusable":[76],"queries":[77],"that":[78,133,145],"used":[81],"detect":[83,159],"various":[84],"To":[87],"enable":[88],"analysis,":[90],"integrate":[92],"taint-tracking":[94],"mechanism":[95],"into":[96],"using":[99],"privacy-specific":[100],"labels.":[101],"Since":[102],"no":[103],"benchmark":[104],"for":[105,116,123],"approach":[108,135],"exists,":[109],"present":[112],"test":[114],"suite":[115],"implementations":[119,122],"comprises":[121],"22":[124],"threats":[126],"in":[127],"multiple":[128],"programming":[129],"languages.":[130],"expect":[132],"our":[134],"significantly":[136],"reduces":[137],"time":[138],"consumption":[139],"show":[144],"has":[148],"potential":[149],"beyond":[150],"categories":[153],"defined":[154],"by":[155],"LINDDUN,":[156],"e.g.":[157],"anti-patterns":[161],"verify":[163],"compliance":[164],"policies.":[167]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":5},{"year":2024,"cited_by_count":3},{"year":2023,"cited_by_count":5},{"year":2022,"cited_by_count":1}],"updated_date":"2026-06-16T09:24:06.705377","created_date":"2025-10-10T00:00:00"}